iptables config
thedude666
Member Posts: 69
Hi all,
In the RHCSA/RHCE book Hands-on Guide to the Red Hat Exams: RHCSA and RHCE Cert Guide I found the following task on page 307.
Task 2: Firewall rules:
Create the following firewall rules:
a. Allow access to TCP port 3306 on RHEL02.
b. Allow access to TCP port 22 on all servers in the lab.
c. Deny access to port 80 and port 3306 on Client02.
d. Deny access to port 80 from Client02 on Client01.
I perfectly know how to implement these rules literally.
However, in real life, dropping/rejecting all traffic by default is a best practice. So should I then just create these rules literally, or can I block all traffic by default on the exam and only add rules that allow things?
As for c., this would result in no changes. And because of b. being applied, only a rule should be added to allow connections to port 22 (which in the end requires no action as well, as it is opened by default IIRC).
So technically I have no problem implementing this; however, it is more about how I should interpret this question (all traffic is normally blocked by default, except port 22 of course).
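
An added example, not part of the original post or the book: a shell function that prints an iptables-restore ruleset for each lab host under a default-deny INPUT policy, showing which of tasks a to d then need an explicit rule. The Client02 address (192.0.2.12) and the assumption that Client01 otherwise accepts port 80 are illustrative and do not come from the post.

```shell
#!/bin/bash
# Added example: emit an iptables-restore ruleset for one lab host under a
# default-deny INPUT policy. Host names come from the task text.
CLIENT02_IP="192.0.2.12"   # assumption: documentation address, not from the post

# default_deny_rules HOST -> prints the filter table for HOST on stdout
default_deny_rules() {
    host="$1"
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # anything not accepted below is dropped
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Task b: SSH on every server in the lab.
    echo "-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT"
    case "$host" in
        RHEL02)
            # Task a: TCP port 3306 open on RHEL02.
            echo "-A INPUT -p tcp -m state --state NEW --dport 3306 -j ACCEPT"
            ;;
        Client01)
            # Task d: the source-specific reject has to precede the general
            # port 80 accept, because the first matching rule wins.
            # Assumption: Client01 serves port 80 to the other lab hosts.
            echo "-A INPUT -p tcp -s $CLIENT02_IP --dport 80 -j REJECT"
            echo "-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT"
            ;;
        Client02)
            # Task c: no rule emitted; ports 80 and 3306 fall through to
            # the DROP policy.
            ;;
    esac
    echo "COMMIT"
}

# Print the ruleset for the host given as first argument (default: Client02).
default_deny_rules "${1:-Client02}"
```

The printed ruleset can be syntax-checked as root with `iptables-restore --test` before it is loaded.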